Legal

Privacy Policy

Effective May 14th, 2026 · teio.ai/privacy

This Privacy Policy describes how teio, Corp. (“teiō,” “we,” “us”) collects, uses, and shares personal information when you visit teio.ai, use our client portal at portal.teio.ai, or engage with us under a Master Services Agreement. By using our website or Services, you agree to the practices described here. If you do not agree, please do not use our website or Services.

This policy covers personal information we collect as a controller — for example, information about prospects, website visitors, and our own client contacts. When we process data on behalf of a client under an engagement (“Client Data”), we act as a processor and the client’s own privacy notice governs that processing. Our handling of Client Data is governed by Section 7 of our Master Services Agreement.

1.Who we are

teio, Corp. is a Delaware corporation operating at teio.ai and portal.teio.ai. We are an AI transformation consultancy delivering scoped engagements priced in Story Points. For privacy questions, contact ops@teio.ai.

2.Information we collect

Information you provide

We collect information you give us directly, including:

  • Contact details — name, work email, company, role, phone number, when you submit a contact form, request a proposal, book a meeting, or correspond with us.
  • Account information — authentication identifiers from Clerk when you sign in to portal.teio.ai or admin pages, including email, name, and profile photo URL.
  • Engagement information — proposal responses, change requests, comments, approvals, and other content you submit through the client portal.
  • Communications — the contents of emails, meeting transcripts (where you have consented to recording), and chat messages exchanged with us.
  • Assessment responses — answers submitted through our AI readiness assessment.

Information collected automatically

  • Usage data — pages viewed, links clicked, referrer, approximate location derived from IP, browser and device characteristics. We collect this via product analytics (PostHog) and our own server logs.
  • Log data — request metadata (timestamp, route, status code, request ID, user agent) for security, debugging, and abuse prevention.
  • Cookies and similar technologies — session cookies set by Clerk to keep you signed in, preference cookies, and analytics cookies. You can disable cookies in your browser, though some parts of the Services will not work without them.

Information from third parties

We may receive limited information from publicly available sources or service providers (e.g., enriched company information for prospects, calendar metadata from Google Calendar when you book a meeting with us, meeting transcripts from Fireflies where a participant has enabled recording).

What we do not collect

We do not knowingly collect personal information from children under 16. We do not collect government identifiers, payment card numbers, biometric data, or precise geolocation. We do not sell personal information.

3.How we use information

We use personal information to:

  • Deliver and operate the Services, including the client portal and proposal flow;
  • Respond to inquiries and provide customer support;
  • Send transactional communications (proposal updates, change-request notifications, billing statements);
  • Send occasional marketing communications about our offerings — you can unsubscribe from any marketing email at any time;
  • Improve and develop our Services, including AI Accelerators, using aggregated and de-identified usage data;
  • Detect, prevent, and investigate fraud, abuse, and security incidents;
  • Comply with legal obligations and enforce our agreements.

5.How we share information

We do not sell personal information. We share personal information only in the following circumstances:

Service providers and sub-processors

We use the following enterprise-grade providers to operate our Services. Each is bound by confidentiality and data protection obligations no less protective than this policy:

  • Hosting & infrastructure — Vercel (hosting), Neon (managed Postgres), AWS, Google Cloud, Cloudflare.
  • Authentication — Clerk (sign-in, session management).
  • Email — Resend (transactional and marketing email delivery), Google Workspace (mailbox hosting for teiō staff).
  • Analytics — PostHog (product analytics and error tracking).
  • Communications & scheduling — Roam (chat / DM delivery), Google Calendar, Fireflies (meeting transcripts where consented), iClosed (meeting booking).
  • Payments & finance — banking providers used to process ACH/wire payments (e.g., Mercury, Wise).

Legal disclosures

We may disclose personal information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of teiō, our clients, or others. Where legally permitted, we will notify you before disclosing your information.

Business transfers

If we are involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction. The acquirer will be bound by this policy or a successor policy that is no less protective.

With your direction

We share information with third parties where you direct us to (e.g., a client authorizes us to grant a stakeholder access to a proposal in the portal).

6.Security

We maintain commercially reasonable administrative, physical, and technical safeguards to protect personal information against unauthorized access, use, disclosure, alteration, or destruction. Measures include encryption in transit (TLS) and at rest where technically feasible, role-based access controls, multi-factor authentication for systems containing sensitive data, structured audit logging, and regular security updates. No system is perfectly secure; if we become aware of a breach affecting your information, we will notify you and any required regulators without undue delay and in accordance with applicable law.

7.Data retention

We retain personal information for as long as is necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Account and engagement records — for the duration of the engagement plus seven (7) years for tax and contractual recordkeeping.
  • Marketing contacts — until you unsubscribe or request deletion, plus a short suppression-list retention so we honor your opt-out.
  • Server logs and analytics — typically up to 24 months in identifiable form, then aggregated or deleted.
  • Backups — retained per our standard backup-and-deletion cycles and remain subject to the confidentiality obligations of our agreements.

8.International data transfers

We are based in the United States, and our infrastructure providers process personal information primarily in the United States. If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries where our service providers operate. Where required, we rely on appropriate safeguards such as standard contractual clauses or equivalent mechanisms approved under applicable data protection law.

9.Your rights

Depending on where you are located, you may have rights under applicable data protection law to:

  • Access the personal information we hold about you;
  • Correct inaccurate or incomplete information;
  • Delete personal information, subject to legal exceptions;
  • Restrict or object to certain processing;
  • Port your information to another provider in a structured format;
  • Withdraw consent at any time where processing is based on consent;
  • Lodge a complaint with a supervisory authority.

To exercise any of these rights, email ops@teio.ai. We will verify your request and respond within the timeframe required by applicable law. We do not discriminate against you for exercising any of your rights.

10.Cookies and tracking

We use cookies and similar technologies to keep you signed in, remember preferences, and understand how the Services are used. Categories:

  • Strictly necessary — session, security, and load-balancing cookies. These cannot be disabled.
  • Analytics — PostHog cookies that help us understand product usage in aggregate.
  • Preferences — remember choices like theme or last-visited dashboard.

You can control cookies through your browser settings. We honor “Do Not Track” signals where required by applicable law.

11.Children

The Services are intended for business use and are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact ops@teio.ai and we will delete it.

12.AI features and meeting recordings

We use AI systems to deliver Services and to operate internal workflows (for example, classifying messages, drafting responses, and summarizing meetings). Where we use a third-party model provider to process information you submit, we use providers that contractually agree not to train their models on our or our clients’ data unless we explicitly opt in. Meeting recordings and transcripts are created only where a participant has enabled recording and notice has been given to attendees in accordance with applicable law.

13.Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy at teio.ai/privacy and updating the “Effective” date above. For material changes that affect how we use information you have already provided, we will give you advance notice where required by law.

14.Contact us

Questions, requests, or complaints about this Privacy Policy or our handling of your personal information should be directed to:

teio, Corp.
Email: ops@teio.ai

See also our Master Terms of Service.